Critical vulnerabilities in EnOcean SmartServer products expose commercial buildings to remote hacking, allowing attackers to bypass security measures and execute arbitrary code. The flaws, discovered by Claroty researchers, can be exploited to gain unauthorized access to building management systems, potentially leading to disruptions in operations and safety risks. Specifically, the vulnerabilities enable remote code execution, permitting hackers to manipulate building automation systems, including lighting, temperature, and security controls. This level of access can have severe consequences, including physical harm to occupants and financial losses due to system downtime1. The discovery of these flaws highlights the importance of regular security audits and patch management for building management systems, as well as the need for manufacturers to prioritize security in their products. So what this means for practitioners is that they must stay vigilant and proactive in identifying and mitigating potential vulnerabilities in their building management systems to prevent such attacks.